LogRhythm Engineer

3 months ago


Harrisburg, United States e&e IT Consulting Services, Inc. Full time

e&e is seeking a LogRhythm Engineer for a hybrid (ONE day a week on site), contract-to-hire opportunity in Harrisburg, PA **Must be a PA Resident** **Unable to SPONSOR VISAs**

JOB PURPOSE AND SUMMARY

This position is responsible for developing and supporting all aspects of the Enterprise Security Office's (ESO) Security Operations Center (SOC). This includes acting as subject matter expert in Security Information & Event Management (SIEM) enrichment activities, including new log source ingestion, developing alerts, and maintaining the SIEM environment. This also includes monitoring and reporting on security tools (firewall, intrusion prevention, data loss prevention, AWS GuardDuty, etc.), identifying and coordinating responses to security-related incidents, performing internal security reviews, and correlating security logs from multiple systems to identify potential security events. This position performs at a high level of complexity with a high level of proficiency and is an escalation contact and mentor for other team members.

Security Operations Center Management

  • Serve as subject matter expert in LogRhythm (SIEM)
  1. Develop and implement processes and procedures for effective deployment of upgrades and management of LogRhythm.
  2. Onboard new log sources and build and tune use cases for the various log sources.

Monitor and analyze security alerts within our SIEM, promptly verifying and responding to incidents.

Utilize LogRhythm for incident detection, analysis, response, and perform forensic investigations and malware analysis as necessary.

Implement and manage smart responses within LogRhythm to enhance SOC capabilities and efficiency.

Prepare detailed emerging threat reports using threat feeds and share any findings with agency stakeholders.

Research and recommend enhancements for LogRhythm to ensure the SOC remains at the forefront of emerging technologies and threats.

Develop strategic relationships with internal and external stakeholders, ensuring the SOC's alignment with business goals.

Perform audit activities to report on compliance, security configurations, and assist with developing metrics and dashboards to report to senior management.

Identify and implement commercial off-the-shelf and custom tools to analyze network and security event data.

Review alerts and findings from cloud-based security tools such as AWS Security Hub and AWS GuardDuty.

Monitor and triage alerts from our Microsoft Defender for Endpoint and Trend Micro Vision One deployments.

Build Security Orchestration, Automation, and Response (SOAR) playbooks based on alarms from our various security systems to assist in automating repetitive tasks and alarm enrichment.
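Two of the responsibilities above, correlating logs from multiple systems to surface an event and then enriching the resulting alarm the way a SOAR playbook would, can be illustrated in a few dozen lines. The following is an added example written for this page; it is not LogRhythm code, not a SmartResponse plugin, and not the employer's own tooling. The log lines, the field names, and the threat-feed lookup table are all constructed for the example. In a real deployment the normalization would be done by the SIEM's log parsers, the correlation by a rule in the SIEM, and the enrichment step by a SmartResponse or SOAR playbook.

```python
"""Toy SIEM correlation and enrichment over constructed log lines.

Added example, not code from LogRhythm or the employer. Three sources
(firewall, Windows auth, plus a constructed threat feed) are normalized to
one event shape, correlated per source IP inside a time window, and the
resulting alarm is enriched with threat-intel context and a severity.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic). Format per line:
# "<ISO timestamp> <source> key=value key=value ..."
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z firewall action=deny src=203.0.113.7 dst=10.0.0.5 dport=3389",
    "2024-05-01T10:00:04Z firewall action=deny src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:09Z windows EventID=4625 IpAddress=203.0.113.7 TargetUserName=admin",
    "2024-05-01T10:00:12Z windows EventID=4625 IpAddress=203.0.113.7 TargetUserName=admin",
    "2024-05-01T10:00:15Z windows EventID=4624 IpAddress=203.0.113.7 TargetUserName=admin",
    "2024-05-01T10:20:00Z firewall action=deny src=198.51.100.9 dst=10.0.0.8 dport=443",
]

# Constructed threat feed: IP -> context string. A real playbook would query
# a feed or TIP here instead of a dict.
THREAT_FEED = {"203.0.113.7": "constructed-feed: known scanner"}

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Normalize one raw line into {time, source, ip, kind[, user]} or None."""
    ts, source, rest = line.split(" ", 2)
    fields = dict(KV.findall(rest))
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    if source == "firewall":
        kind = "fw_deny" if fields.get("action") == "deny" else "fw_allow"
        return {"time": when, "source": source, "ip": fields["src"], "kind": kind}
    if source == "windows":
        # 4625 = failed logon, 4624 = successful logon (Windows Security log IDs)
        kind = {"4625": "auth_fail", "4624": "auth_success"}.get(fields.get("EventID"), "other")
        return {"time": when, "source": source, "ip": fields["IpAddress"],
                "kind": kind, "user": fields.get("TargetUserName")}
    return None  # unknown source: dropped, a real parser would route it elsewhere


def correlate(events, window=timedelta(minutes=5)):
    """Alarm when one IP shows firewall denies and failed logons from at least
    two different sources, followed by a successful logon, all inside `window`."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    alarms = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["time"])
        for i, succ in enumerate(evs):
            if succ["kind"] != "auth_success":
                continue
            earlier = [e for e in evs[:i] if succ["time"] - e["time"] <= window]
            kinds = {e["kind"] for e in earlier}
            sources = {e["source"] for e in earlier}
            if {"fw_deny", "auth_fail"} <= kinds and len(sources) >= 2:
                alarms.append({"ip": ip, "user": succ.get("user"),
                               "time": succ["time"], "evidence": len(earlier) + 1})
    return alarms


def enrich(alarm, feed=THREAT_FEED):
    """Playbook-style enrichment: attach threat-feed context and set severity."""
    hit = feed.get(alarm["ip"])
    return dict(alarm, threat_intel=hit, severity="high" if hit else "medium")


def run(lines=SAMPLE_LOGS):
    """Parse, correlate, and enrich; returns the list of enriched alarms."""
    events = [e for e in map(parse_line, lines) if e]
    return [enrich(a) for a in correlate(events)]


if __name__ == "__main__":
    for alarm in run():
        print(alarm)
```

On the constructed input this produces a single high-severity alarm for 203.0.113.7 (two firewall denies, two failed logons, then a success for `admin`, five events of evidence); 198.51.100.9 has only a lone deny and never reaches the threshold. The cross-source requirement is the point: a deny by itself or a failed logon by itself is noise, and the alarm is only worth an analyst's time once the sources agree.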

Continuous Monitoring, Incident Response, and Security Controls Support

Continuous monitoring of information security solutions and security control effectiveness.

Proactively identify threats and vulnerabilities, and collect, correlate, and analyze data to detect actual or potential unauthorized access to the agency’s networks and systems.

Evaluate the type and severity of security events by making use of an in-depth understanding of exploits and vulnerabilities. Resolve issues by taking the appropriate corrective action or following the appropriate escalation procedures. Lead forensics investigations when required.

Triage information security events, prioritize them accordingly, and escalate them as required.

Analyze alerts and log events to identify potential security threats and initiate incident response procedures.

Gather all relevant documentation and evidence related to incidents.

Collaborate with various teams to identify technical controls to meet specific security requirements.

Perform self-assessments of security controls to determine effectiveness, sufficiency, and gaps.


EDUCATION AND EXPERIENCE Minimum qualifications: Bachelor's degree with five or more years of relevant work experience in information security administration and two to three years of hands-on experience in developing SIEM solutions, or an equivalent combination of skills, experience, and/or certification(s).

  • Advanced experience developing SIEM solutions using LogRhythm, including log source onboarding, use case development, SmartResponse development, software patching and maintenance.
  • Must have experience in monitoring AWS-hosted environments using GuardDuty, Security Hub, Macie, etc. and ingesting log sources from AWS environments into the on-prem LogRhythm solution.
  • Experience with any industry-recognized SOAR product is a plus but not required.
  • Experience with advanced security and forensics. Strong technical background in computer systems, networks, and forensics.
  • Broad knowledge of technical risks and tools used to prevent, detect, and remediate security issues.
  • Strong understanding of the current vulnerabilities, response, and mitigation strategies used in information security.
  • Strong understanding of privacy, security, and other regulations that are applicable to PHEAA.
  • Ability to calculate regulatory, reputational, and other risks based on incident.
  • Knowledge of security principles, risk assessment policies and standards, information security best practices, products and technologies, defense strategies, and network technologies.
  • Advanced knowledge of the National Institute of Standards and Technology (NIST) security controls family and guidance to include NIST SP800-53.
  • Experience with various operating systems with a focus on Microsoft Windows and Linux/Unix.
  • Demonstrated ability to meet schedules and deadlines with thorough, accurate and quality work products.
  • Ability to remain flexible in a demanding work environment and adapt to rapidly changing priorities.
  • Effective skills with time management, prioritization, and attention to detail.
  • Demonstrated analytical, critical thinking, and organizational skills.
  • Possess a high level of integrity and ethics.
  • Proficient use of Microsoft Office suite.


Preferred Qualifications: Current security-related industry certifications; application development experience, including the ability to create scripts; knowledge of computer forensic investigation principles and techniques. Demonstrated current knowledge and experience or certification in relevant industry certifications such as CISSP, CompTIA Network+, CompTIA Security+, and CompTIA Cybersecurity Analyst (CySA+).

PHYSICAL DEMANDS AND WORK ENVIRONMENT

  • This position requires participation in a 24x7x365 on-call rotation. The frequency of the rotation depends on the number of members of the SOC. Internet connectivity from home is required as part of the on-call rotation